Architecture audit approach
The objective of an architecture audit is to look for weaknesses in the design, in the choice of protocols used or non-compliance with recommended practices in terms of security. An architecture audit is based on a documentary analysis followed by interviews with the people in charge of the design, implementation, administration, target IS supervision and target IS MRO (Maintenance Repair & Overhaul).
Moreover, additional analyses can be conducted on samples of network configuration (e.g. switches, firewalls) to complete this audit.
During such audits, the following are in particular scrutinized:
- Perimeter Defense
- In-depth Defense
- Breach of protocol
- Flow management
- Policies for Maintenance Repair & Overhaul (MRO), Security Maintenance, Backup, Logging
- Disaster Recovery Planning (DRP)
- The methodology draws particularly on the various technical guides of the ANSSI (French National Agency for the Security of Information Systems). At every point of the infrastructure, the Synetis auditors focus on covering needs pertaining to information systems security (ISS), i.e.: Availability, Integrity, Confidentiality and Traceability.
The response to DICT needs is provided in the light of general principles of the ISS (for example, the principle of least privilege, defense in depth) as well as through the application of guides and reference systems, notably the ANSSI’s General Security Database (Référentiel Général) Any operational constraints or constraints related to the customer’s areas of expertise, in the application of these guides and the associated recommendations are taken into account by Synetis auditors.
Below, by way of illustration, some of the results of an IS architecture audit: unsatisfactory partitioning (risk of lateral displacement), no separation between critical services, little or no filtering of incoming and/or outgoing flows, no control of nomadic access, no system hardening, no maintenance policy procedures, no centralization and/or supervision of logs, etc.